Cross-Site Scripting Vulnerability in NetWin Surgemail Email Server
CVE-2010-3201

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail
Vendor: CVE Published:; 7 January 2011

What is CVE-2010-3201?

A Cross-Site Scripting (XSS) vulnerability exists in NetWin Surgemail prior to version 4.3g, which enables remote attackers to inject arbitrary web scripts or HTML content. This is achieved through manipulation of the username_ex parameter within the surgeweb program, potentially compromising user data and session integrity, thereby exposing the application to various security threats.

References

https://www.exploit-db.com/exploits/34797/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/514115/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://ictsec.se/?p=108

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2011
Vulnerability Reserved
Aug 31, 2010

Netwin

What is CVE-2010-3201?

References

Timeline